credit cards

[wimpypenguin]

Does anyone know of a credit card verification system that accepts data from PHP? I have a shopping cart script that I've just integrated with a site, and now that I'm getting to the point of dealing with credit cards, I'm finding most of the services out there only deal with Perl or ASP...please help!

[aspen]

Actually IME most services will deal in anything. Maybe they simply say perl or ASP because when they started those were the only real server side technologies.

Usually this is how it works.

Your script sends info to CC processing Script
-processing-
CC processing script sends info back to your script

All that the CC processing script is doing is accepting and sending variables, it shouldn't care, or shouldn't even know, if those variables came from ASP, PHP, CGI, CF, JSP, anything.

So... any service should work fine with PHP. The only reason it wouldn't is if they purposesly block it.

Chris

[Karl]

You can compile PHP with Cybercash support in so that you can do secure transactions using it, there is a class called CyberClass for doing so.

[wimpypenguin]

Aspen, that turned out to be the case. After talking with a few businesses who told me they only accept data from ASP and Perl, I finally found these guys: http://www.authorizenet.com/ (notice the php logo
who assured me that the data that *any* authentication script accepts is just that...raw data (encrypted of course). Not a variable of any form. Oh well...I guess some folks lost business due to bad tech-support.

[freddydoesphp]

Are you talking about php and authorize.net working together? As far as I know php cannot open a socket connection to https://. You can use php to build up the varsiables that authorize.net expects but the user will still need to go to authorize.net's site to process the credit card. Unless of cource you use something like CURL
It works on the sevrer and can make connections to https:// I have sucessfulley used this in conjunction with OpenSSL to build a system that works with PHP and authorize.net where you can send the encrypted data throught a secure socket to authorize.net and get a response back without ever using their lame forms to do it. If you want more info jhust email me.

[aspen]

I've worked with authorize.

How they work is just by accepting variables, you do not have to do anything in your script with PHP, its via html forms.

You make a form fill in the correct information, include hidden fields like user name, thank you page etc, and send it to authorize's script, which then processes the transaction and sends the user to the thankyou page along with a few variables which you then use a script to interpret.

Now the form sent to authorize can be of course generated dynamically using the language of your choice, integrated with a shopping cart using the language of your choice. But when it comes right down to it its just a form. No matter what language created it.

[freddydoesphp]

Chris I am talking about never even going to authorize.net I am atlking about opening a secure socket connection to authorize.net's server and passing the data that way.

[aspen]

I don't think they offer that service.

Besides its not really necessary... many customers probably dont even realize that they've been bounced to authorize and back to you.

[freddydoesphp]

That is my point Chris, have you ever tried to customize authorize.net's forms to look like the rest of your site, you can't! But like I said in my earlier post you can, I do it, use a combo of PHP, OpenSSL and CURL to make a secure connection with authorize.net and pass data and receive data. Working Example.

<?
curl = "/usr/local/bin/curl";
$my_authnet_userid = "yourid";
$total = "1.00";
$cc_number = "41111111111111";
$cc_exp = "1002";
$invoiceno = "4365356536";
$billing_address = "your address";
$billing_address = urlencode($billing_address);
$billing_zip = "yourzipcode";
exec("$curl -d 'x_Login=$my_authnet_userid&x_Amount=$total&x_Card_Num=$cc_number&x_Exp_Date=$cc_exp&x_ADC_URL=FALSE&x_ADC_Delim_Data=TRUE&x_Invoice_Num=$invoiceno&x_Version=3.0&x_Address=$billing_address&x_Zip=$billing_zip' https://secure.authorize.net/gateway/transact.dll", $authorize, $ret);

$auth_return = split("\,", $authorize[0]);

// for debugging you can print the variables returned:
for ($idx = 0; $idx < 39; ++$idx) {
$pos = $idx+1;
echo "Code".$pos.": ".$auth_return[$idx]."<BR>";
}

if($auth_return[0] == 1){

$auth_code = $auth_return[4];
$avs_code = $auth_return[5];
$trans_id = $auth_return[6];

} elseif($auth_return[0] == 2){

print "<b>Your order cannot be processed at this time, as your
credit card was not accepted.</b><br>";

} elseif($auth_return[0] == 3){

print "<b>An error has occurred and your order cannot be proces
sed at this time.</b><br>";

}
?>

[Vinay]

freddydoesphp,

thats not the implementation you used there

cURL from a shell means running extra binaries....

cURL works great, compile it as a library and use libcurl with the PHP cURL functions ... (php has to be compiled to support them)

-----------------------------
myPHPhost.com: we know PHP

geekarea.org - where nothing means something and something means nothing

[freddydoesphp]

Maybe I used the wrong terminology, sorry! I meant using php to manipulate cURL to open a secure connection to authorize.net. I have been meaning to recompile php with libcurl on our dev server, just haven't had time. Vinay would you agree with me on the fact that it is possible to us ephp to interact with authorize.net without having to use tehir forms?

[aspen]

That is my point Chris, have you ever tried to customize authorize.net's forms to look like the rest of your site, you can't! ....

Um... we're definitely not on the same page here because that is exactly what I was hired to do when I worked with authorize and I did it just fine. It was in ASP and I was hired to make sure the ordering pages worked with authorize, design the final submit form, and construct a receipt page out of what they sent back.

The forms are not hosted by authorize. They're hosted by you. When the user clicks submit the info is sent to authorize and the user is sent to another page on your site. You never actually visit an authorize page.

[freddydoesphp]

Actually that is incorrect yes the forms are on your site but once you post your data to authorize.net you cannot get them to post anything back to you they merely pull your thank you page and display it, what if you want to get the reponse code and auth code back from them? You cannot use native suport in pHP to open a secure socket to authorize which is what I am suggesting. That way you could pass encrypted data back and forth with authorize.net withou using HTTP. Do you see what I am getting at?

[wimpypenguin]

Thanks, guys. Even if the user is taken to authorizes site, that will be fine for a bit. This is a freeby site for my folks, so tweaking the form can wait until I get settled in to the new semester
Ultimately, I would like to have everything done on my site, so if I do in fact need to use cURL, I'll be sure to enlist the help of you guys...as I have no idea what a "secure socket" is. lol.
Thanks again,
Luke

[aspen]

Freddy they do pass variables back to you. I built a receipt page out of them, unless they changed their service since I did this.

There is a whole list a response variables. The main one being the one that indicates if the transfer was successful, and then one that indicates the reason why it was not (if it wasn't).

I no longer do work for that company so I don't have the code anymore or I'd pull it out but they definitely do pass the variables back to you. I didn't imagine doing it.

[freddydoesphp]

It is still not opening a socket connection to them it is posting the data through HTTP I am atlking about doing without having to hit their servers, don't matter how much you tell me if you use a form and post to authorize.net you are still leaving your site going to their server having them process the data and then having them post the data back to you. I am talking about doing all that from your sevrer through sockets not HTTP. It is way faster and more secure.

[aspen]

Yes. Okay... I think we are finally on the same page.

[freddydoesphp]

Yes now we are on the same page, what it boils down to is that other online payment porcessors like cybercash allow you to send data to their servers through sockets and get a response instaed of the tradional post method. cURL gives you that option for php and authorize.net, that is all I am saying. I know exactly what you rae talking about, I have done a few sites like that, but it sucked because you had to leave your server, I stumbled onto the whole cURL method about a month ago, and I implemented into our new ecommerce system for my work, it is great!